DER Format to create key.der binary format of the private key.
CombinedPEM Format to create tls-combined.pem containing tls.key + tls.crt.
Added Unit and e2e tests for secret with Additional output format.
Feature flag AdditionalCertificateOutputFormats to enable feature.
Signed-off-by: Thierry Sallé <seuf76@gmail.com>
Note that using ed25519 on the public internet is not currently
recommended, since it's not widely supported. You'd likely not be able
to use an Ed25519 cert with an ACME issuer today.
Ed25519 certs might be useful for internal PKI, though - an ed25519 CA
issuer, say - or for testing ed25519 certs before they become more
widely available on the public internet. They're not currently
supported by Vault, Venafi or ACME (Letsencrypt) issuers.
Signed-off-by: Anner J. Bonilla <abonilla@hoyosintegrity.com>
Signed-off-by: Anner J. Bonilla <annerjb@gmail.com>
Signed-off-by: Ashley Davis <ashley.davis@jetstack.io>
The log message:

    multiple CertificateRequests found for the 'next' revision 2,
    skipping issuance until no more duplicate.

can be better phrased as:

    multiple CertificateRequests are found for the 'next' revision 2,
    issuance is skipped until there are no more duplicates.

Signed-off-by: Maël Valais <mael@vls.dev>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
The stack frames displayed using assert.Fail were not very informative.
That is due to t.Cleanup being called "outside" of the test case
context. There was no mention of the test file itself, gatherer_test.go
in the following example:

    certificaterequest.go:205:
        Error Trace: certificaterequest.go:205
                     testing.go:872
                     testing.go:866
                     testing.go:873
                     testing.go:949
                     testing.go:1121
        Error:       lister.CertificateRequests was expected to be called but was not called
        Test:        TestDataForCertificate/should_return_error_when_the_list_func_returns_an_error

With this patch that vendors a simple version of assert.Fail, we get the
correct stack frames that the user needs in order to locate where this
failure happened:

    certificaterequest.go:254:
        Error Trace: gatherer_test.go:230
                     gatherer_test.go:240
        Error:       lister.CertificateRequests was expected to be called but was not called
        Test:        TestDataForCertificate/should_return_error_when_the_list_func_returns_an_error

Signed-off-by: Maël Valais <mael@vls.dev>
At first, I tried to follow the "generator" pattern that had already
been implemented for the order and secret objects. These generators look
like:

    import (
        "errors"

        "github.com/jetstack/cert-manager/test/unit/listers"
    )

    fake := listers.FakeSecretListerFrom(listers.NewFakeSecretLister(),
        listers.SetFakeSecretNamespaceListerGet(nil, errors.New("not found")),
    )

The major issue I was finding with this approach is that you cannot
enforce any behavior with these fakes: no way to check (or prevent)
unwanted calls, no way to check that the correct namespace was used for
the call:

    fake.Secrets("default").Get("secret-1")

which is annoying; I want to be able to check every input, output and
number of calls made to the mocked function.
So I propose a gomock-like approach. I could not use mockgen due to the
fact that (again) client-go is overly nested, which means I would have
to use quite a lot of glue code in order to use mockgen-generated mocks.
Signed-off-by: Maël Valais <mael@vls.dev>
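
An added sketch of the strict, gomock-like fake argued for in the last two commit messages above; it is not cert-manager's code, and StrictSecretGetter, ExpectGet, Finish and the []byte return value are hypothetical names and simplifications. It records the file:line of each expectation with runtime.Caller, which is an assumption of this example rather than the vendored assert.Fail the commit describes, so a failure raised later from t.Cleanup still points at the test file.

```go
package main

import (
	"fmt"
	"runtime"
)

type expectation struct { // one permitted call: inputs, canned outputs, call site
	ns, name, site string
	ret            []byte // stand-in for the returned Secret (assumption)
	err            error
}

// StrictSecretGetter is a hypothetical mock (not cert-manager code); Fail wraps t.Errorf.
type StrictSecretGetter struct {
	Fail func(msg string)
	exp  []expectation
}

// ExpectGet permits exactly one Get(ns, name) and records the caller's file:line.
func (m *StrictSecretGetter) ExpectGet(ns, name string, ret []byte, err error) {
	_, file, line, _ := runtime.Caller(1)
	m.exp = append(m.exp, expectation{ns, name, fmt.Sprintf("%s:%d", file, line), ret, err})
}

// Get consumes a matching expectation; any other call is reported as a failure.
func (m *StrictSecretGetter) Get(ns, name string) ([]byte, error) {
	for i, e := range m.exp {
		if e.ns == ns && e.name == name {
			m.exp = append(m.exp[:i], m.exp[i+1:]...) // each expectation is usable once
			return e.ret, e.err
		}
	}
	m.Fail(fmt.Sprintf("unexpected call Get(%q, %q)", ns, name))
	return nil, fmt.Errorf("unexpected call")
}

// Finish reports every expectation still pending; register it with t.Cleanup.
func (m *StrictSecretGetter) Finish() {
	for _, e := range m.exp {
		m.Fail(fmt.Sprintf("%s: Get(%q, %q) was expected to be called but was not called", e.site, e.ns, e.name))
	}
}

func main() {
	m := &StrictSecretGetter{Fail: func(s string) { fmt.Println("FAIL:", s) }}
	m.ExpectGet("default", "secret-1", nil, fmt.Errorf("not found"))
	m.Finish() // Get never ran: prints this file:line and the unmet expectation
}
```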